co4ie
Active Members
  • Posts: 638
  • Days Won: 6

Everything posted by co4ie

  1. Search here and read everything you want to know about the phone and what you can do with it. I also uploaded the pro version of App2SD here.
  2. @PingLord: If he knew what a MAC is made of, he would also know what a network packet is and how a computer is identified on the network when it connects, and he wouldn't have asked this question! If every beginner picked up a networking book we would avoid 30% of the posts on the forum.
  3. The answer is: No! Nobody is going to find out your original MAC!!
  4. @Robert1995 ...you've got the math wrong... most of the people employed at Facebook are undergraduate and master's students who also have courses and other things at school, working around 6h/day, and on top of that they aren't even required to come to the office as long as they get their work done! So the amounts earned are enormous, especially for someone with no experience at all!
  5. When you get that much money you give the best of yourself! If you're motivated and don't have to worry about tomorrow you work differently, plus you'd have to be an idiot not to do it when you have a stable, well-paid job in a big company with huge future prospects while still in university!
  6. What I noticed at last night's presentation was that Samsung doesn't have a single person who knows how to present a product... @Ellimist: I don't know what you were expecting... after all, it's a mobile phone, not a PC! I had the chance to play with the HTC and I didn't like it, neither the design nor the performance... Having the same specs doesn't mean they'll run/work the same way! I don't think they made the ad themselves... all the specs until now were just speculation! I wasn't very impressed by the presentation either, but you have to admit that right now it's the most complete/powerful smartphone on the market and it will stay at the top for a long time! If you're talking about snobbery... think of all those (Romanians) who bought the iPhone 4/4S just because it's expensive and to have that rotten apple on it... and 90% of them use it as a normal phone: no internet, no e-mail, no apps that actually help them with what they do... nothing...! When it comes to power it's all debatable... I do a ton of stuff on my SGS and processor power in multitasking matters enormously! The battery will indeed be a problem, but technology evolves... If right now (SGS1) the battery lasts me a day with heavy use of the phone, I'm happy... you have to keep in mind it's a phone with a 4x4cm battery and a big, bright screen, a big processor, internet permanently on, photos taken daily, about 1h/day of music and much more! If you have a use for it, the phone can become part of your lifestyle... and from what I've seen that's what Samsung focused on with the new technologies introduced in the SGS3! Last year I gave up on the idea of buying the SGS2 specifically for the SGS3 and I don't regret it... I think it's the most complete device on the market right now and I can't wait for it to arrive here too! There's no accounting for taste, but I don't like the HTC... neither the design nor the performance!
  7. First of all, sessions open after the exploit has been executed... secondly, you could try using windows/meterpreter/bind_tcp or windows/shell/bind_tcp as the payload, because with reverse_tcp it has to upload the stager and execute it! If you don't have write/execute rights the payload won't work! From what you posted it's clear that 192.168.0.105 is your IP; with reverse_tcp it should normally start waiting for the connection even if the exploit doesn't work, so check that you haven't mixed up LHOST (localhost/your IP) with RHOST (remote host/the victim's IP)! BTW: this is the exploits thread, not the help thread... wrong section!!
  8. @vladimir: You're talking nonsense... Backtrack is 95% Ubuntu and "is called Backtrack only because of the tool suites installed", as Pythone pointed out! BTW, it's called Mandriva... And you can't say Ubuntu is the best distribution just because you like it or because all the kids can click around and think they know Linux! Indeed, Ubuntu has the best support at the moment, but when you run into problems, instead of trying to solve them you run straight to uncle Google and copy/paste from forums!! The best distribution is the one you personally work best with... And any halfway competent sysadmin will tell you that! @pythone: I'm sure that those who use Backtrack for exactly what it was made for know how / "are able" to install Slackware... Most likely their choice was made because of the distribution's popularity and because 99% of the people who know how to work in such environments feel reasonably comfortable with Ubuntu!
  9. Muts is right... It's not the Backtrack team's job to make/apply a patch to a product that isn't theirs! The Wicd exploit is probably for all distributions, but it was brought to the front only because it's the default in Backtrack! @pyth0n3: It works quite well as an installed OS... I haven't had problems with it so far, and apart from the stability of the wifi connection (wep/wpa) I haven't had the slightest problem with it!
  10. Systems like this are brilliant... but you need a huge company for such a purchase to pay off! This is pretty much the future of racks!!
  11. Look HERE for an old tutorial... you can probably put a newer version of Garmin on it, but I don't have time to search right now...
  12. As I said... if that's what you meant, I apologize! But "Plus, in Spain internet over FTP costs 10€ a month, and you find wifi everywhere!" Internet over FTP? Either you need to learn to express yourself, or it's too early in the morning for me and I need another coffee!
  13. @Saves... Instead of getting down to learning, you start talking crap!! FTP Read and learn about network protocols, what each one does and what each one is used for!! If you meant FTP (Foiled Twisted Pair) as in the cable, then I apologize! But I bet that until this thread you hadn't even heard of such a thing!!
  14. @sorelian: Yes... correct... but the intervention on the client's side doesn't seem minimal to me! For those who barely know how to open YM and read the news online it's already rocket science... Having them also set the boot order in the BIOS, boot into Linux, connect to the internet (think what it involves if they have a PPPoE connection) and configure Pidgin (it's not hard, but most have no idea where the Escape key is on the keyboard), the situation is already getting complicated! As I said... the intention is commendable, but there's a lot to take into account! You could make a start-up script that automatically opens the internet connection (for PPPoE, asking only for user/pass), opens TW in wifislax, opens Pidgin (with an ID already made specially for this) and sends the TW password... that's the only way I see minimal client intervention in Linux! @tex: I think he meant UTP cable... if it was about cable at all (although I'd bet my hand that it's not the case)!!
  15. Try sudo /etc/init.d/kdm stop
  16. @saveS "Plus, in Spain internet over FTP costs 10€ a month, and you find wifi everywhere!" WHAT?????? Pay up so I don't have to bother explaining to the idiot what FTP is!! @Brutus: Although the intention to do something like this is commendable, I don't see any future for it! If the clients have to install TW anyway... you could use a virtual machine (if they also have a USB wireless adapter) in which you run any Linux distribution, so there's no need to create a bootable USB, because after you make the bootable stick you have to restart the machine and boot into Linux! That's an inconvenience for the client, who, if they don't know how to set the BIOS to boot from USB (if it isn't ON by default), will get stuck! And let's suppose they boot into Linux from the stick... here you again need the password to connect... which once again involves the client's intervention (and if there's a predefined password I don't think that's fair to the clients)! There would be other issues, but anyway I don't see how something like that could work! Listen to him, internet over FTP, WHAT???
  17. Post Exploitation – Disable Firewall and Kill Antivirus
      One of the most important parts while performing a penetration test is to be able to work undetected. A firewall may block you and an antivirus software may detect your activities. If an antivirus detects your activities the penetration test will not look so professional in the eyes of your client. So one of the first things that you may want to try when you have exploited the remote system is to disable any antivirus solution and firewall. For this article we will use the Windows Firewall and AVG 2012 as an antivirus. Let's say that we have exploited the remote machine, which in this scenario is running Windows XP as an operating system.
      Exploiting the target
      We will instruct meterpreter to give us a shell to the remote system with the command shell.
      [Image: Obtain a remote shell]
      Now we need to check if the remote system has the Firewall enabled. We will use the command: netsh firewall show opmode
      [Image: Check if the Windows Firewall is enabled]
      As we can see the firewall is enabled. In order to disable it we will use the command: netsh firewall set opmode mode=disable
      [Image: Disable the Windows Firewall]
      We can check the remote system in order to see if the firewall has been disabled successfully.
      [Image: Proof that the firewall has been disabled]
      The firewall has been disabled and now it is time to kill the antivirus. So we will return to the meterpreter session and we will run the command killav.
      [Image: Killav Meterpreter script]
      We can see that this meterpreter script killed some services, including avgrsx.exe. We may assume that the AVG antivirus is now disabled, but the reality is different. Let's have a look first at the source code of the killav script in order to understand what it actually does.
      [Image: Sample of the source code of the killav script]
      As you can see there is a list with the process names of well-known antivirus products. So when we run the killav script it actually tries to match the processes on the list with the processes on the remote host in order to find the antivirus and kill it. Now let's try to investigate the processes on the remote target after we have executed the killav script.
      [Image: Tasklist on the remote computer]
      As you can see from the next image there are still some AVG processes that are running. So the meterpreter script didn't work as expected.
      [Image: Processes of the remote system]
      Now we will try to categorize these processes in order to see to which service they belong. The command that we are going to use is tasklist /svc
      [Image: Categorize the services]
      We are interested only in the AVG services and their processes, so we will use the command tasklist /svc | find /I "avg" in order to discover them. So in this way we have instructed the remote system to give us a result with the services whose image name starts with avg.
      [Image: Discovery of the AVG services]
      These are the processes that we need to kill. However, if we try to do so we will notice that it will not have any effect, because the services avgwd and AVGIDSAgent will restart these processes once they get killed. So let's try to examine these two services and their attributes.
      [Image: Attributes of AVG services]
      As you can see from the image above these two services cannot be stopped and cannot be paused. So how are you supposed to disable an antivirus which has services that cannot be stopped or paused? The only valid solution is to try to disable the services, so that with the next reboot of the target these services will not start. We can achieve that by executing the commands that you can see in the image below.
      [Image: Disable the AVG Services]
      We will reboot the remote target through meterpreter.
      [Image: Reboot the remote target]
      Now that the system has restarted it is time to examine if there are any AVG processes that are still running.
      [Image: Find the running processes of AVG after the reboot]
      We notice from this output that there are 3 processes instead of 5, and the two processes that correspond to the avgwd and AVGIDSAgent services are missing. This is because we disabled them before the reboot. So we can now kill these 3 processes safely.
      [Image: Kill the remaining AVG processes]
      The antivirus is now disabled on the remote target and we can now continue our work without any fear of being interrupted and discovered by an antivirus or a firewall. The last thing that we may want to try is to clear the system log files. We can run the command clearev in meterpreter in order to delete all records from the Event Viewer.
      [Image: Clear the log files]
      The next screenshot is the proof that the log files have been deleted and there are no records.
      [Image: No records in the Event Viewer]
      Conclusion
      Every penetration tester needs to know how to disable a firewall or an antivirus remotely. This is very essential for his penetration testing activities. However, as we saw, the meterpreter script didn't manage to disable the antivirus. This is proof that a penetration test is not an automatic process and it also requires the human factor. Apart from that, the main disadvantage was that this method required a reboot of the remote target in order to disable the antivirus, so if someone was working at the system he would have noticed that something was going wrong, besides the fact that it would have affected his work. However, on a system where nobody is working it is an effective method.
      Source
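
The same sequence seen from the blue-team side, as an added example that is not part of the post above or of Metasploit: a small Python detector run over constructed Windows telemetry (4688-style command lines plus a log-clear event). The rule names and sample events are mine, and the assumption that the post's screenshot disables the two services with sc config <service> start= disabled is mine too; 517 (XP/2003) and 1102/104 (Vista and later) are the Windows event IDs written when a log is cleared, which is what clearev leaves behind.

```python
import re
from typing import Dict, List

# Process/service name prefixes the post attributes to AVG (avgrsx.exe, avgwd, AVGIDSAgent).
AV_PREFIXES = ("avg",)

RULES = {
    # "netsh firewall set opmode mode=disable" (the XP syntax used in the post) and the advfirewall form.
    "firewall_disabled": re.compile(
        r"netsh(?:\.exe)?\s+(?:firewall\s+set\s+opmode\s+(?:mode=)?disable"
        r"|advfirewall\s+set\s+\w+\s+state\s+off)", re.I),
    # "sc config <svc> start= disabled": assumed to be what the post's screenshot shows for avgwd/AVGIDSAgent.
    "service_disabled": re.compile(r"\bsc(?:\.exe)?\s+config\s+(\S+)\s+start=\s*disabled", re.I),
    # "taskkill /F /IM <name>": the "kill the remaining processes" step after the reboot. Kills done
    # through the meterpreter API (killav) leave no command line; they only show up as process-end telemetry.
    "process_killed": re.compile(r"taskkill(?:\.exe)?\s.*?/im\s+(\S+)", re.I),
}
# Event IDs written when a log is cleared, by OS generation.
LOG_CLEARED_IDS = {517: "Security log cleared (XP/2003)",
                   1102: "Security log cleared (Vista+)", 104: "System log cleared (Vista+)"}

def classify(event: Dict) -> List[str]:
    """Return the detection names one event triggers; an empty list means nothing suspicious."""
    hits = []
    if event.get("id") in LOG_CLEARED_IDS:
        hits.append("log_cleared")
    cmd = event.get("cmdline", "")
    for name, rx in RULES.items():
        m = rx.search(cmd)
        if not m:
            continue
        if name in ("service_disabled", "process_killed"):
            target = m.group(1).lower()
            if not target.startswith(AV_PREFIXES):
                continue                    # disabling or killing a non-AV target is a different alert
            name = "av_" + name
        hits.append(name)
    return hits

def detect(events: List[Dict]) -> Dict:
    """Classify every event and raise one alert when the post's sequence (three of four stages) appears."""
    hits = [h for e in events for h in classify(e)]
    result = {"hits": hits}
    stages = ("firewall_disabled", "av_service_disabled", "av_process_killed", "log_cleared")
    if sum(1 for s in stages if s in hits) >= 3:
        result["alert"] = "post-exploitation defence-evasion chain"
    return result

# Constructed sample telemetry (4688 process-creation command lines plus one log-clear event), not from the post.
SAMPLE_EVENTS = [
    {"id": 4688, "cmdline": "netsh firewall show opmode"},            # reconnaissance only, no rule
    {"id": 4688, "cmdline": "netsh firewall set opmode mode=disable"},
    {"id": 4688, "cmdline": "sc config avgwd start= disabled"},
    {"id": 4688, "cmdline": "sc config AVGIDSAgent start= disabled"},
    {"id": 4688, "cmdline": "sc config Spooler start= disabled"},     # admin action on a non-AV service
    {"id": 4688, "cmdline": "taskkill /F /IM avgrsx.exe"},
    {"id": 517},
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The reboot the post needs is itself a signal: a firewall-disable followed by an unexpected restart on a workstation is worth correlating with the same host's service-config changes.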
  18. Anatomy of an RFI/LFI Attack
      In yesterday's blog, we described how an RFI/LFI attack worked in the case of militarysingles.com. How do they work in general? Today's blog attempts to describe how these attacks work in the wild. We will show how malicious code can be uploaded to the server. Our hope from this exercise?
      Step 1: Take an innocent jpg image and some malicious code:
      Why pictures? Because many sites (such as militarysingles) allow only picture uploads and no other file types. Here's a malicious code example:
      This specific code was used to find servers vulnerable to RFI and would likely get detected by most anti-virus packages available today. This simple code instructs the server to concatenate the strings "FeeL" and "CoMz" in both the 'echo' and 'die' functions, write the strings back to the user and exit the current script. If the user sees these strings in the response from the server, he can know that the server is vulnerable to RFI.
      Step 2: Copy and paste the malicious code in the Camera maker property:
      Step 3: Load the infected image to a web server.
      Step 4: Use the URL of the infected image as an input to the vulnerable server:
      Note the 'FeeLCoMzFeeLCoMz' output received from the server.
      In order to have better immunity to anti-virus software, one can modify step 2:
      What was done? You divide the malicious code into two parts. Paste one part in the Camera maker property and the second part in the Camera model property. This will produce the same infection as before, with zero antivirus detection. Also, the picture still looks benign to the eye and is valid from the technical point of view.
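
The metadata trick above, seen from the upload-handling side, as an added example that is not part of the original post: a Python scanner that parses the Exif Make/Model fields of a JPEG, shows why a per-field signature is evaded by splitting the code across the two properties, and why a whole-file check for any PHP open tag is not. build_exif_jpeg, the probe string used as sample data and the helper names are constructed for this example.

```python
import re
import struct
from typing import Dict, List

# PHP runs whatever follows an open tag anywhere in an include()d file, so the robust check is
# "any open tag anywhere in the bytes", not a signature on a single metadata field.
PHP_OPEN = re.compile(rb"<\?(?:php\b|=|\s)")            # the bare "<? " form needs short_open_tag=On
FULL_SCRIPT = re.compile(rb"<\?php\b.*?\?>", re.S)      # what a naive per-field signature looks for

def build_exif_jpeg(make: bytes, model: bytes) -> bytes:
    """Constructed sample: a minimal JPEG whose Exif APP1 segment carries Make (0x010F) and Model (0x0110)."""
    make, model = make + b"\0", model + b"\0"           # Exif ASCII values are NUL-terminated
    ifd_len = 2 + 2 * 12 + 4                            # entry count + two 12-byte entries + next-IFD pointer
    make_off, model_off = 8 + ifd_len, 8 + ifd_len + len(make)
    ifd = struct.pack("<H", 2)
    ifd += struct.pack("<HHII", 0x010F, 2, len(make), make_off)    # type 2 = ASCII, value lives at offset
    ifd += struct.pack("<HHII", 0x0110, 2, len(model), model_off)
    ifd += struct.pack("<I", 0)
    tiff = b"II*\0" + struct.pack("<I", 8) + ifd + make + model     # little-endian TIFF header, IFD0 at 8
    app1 = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

def exif_make_model(data: bytes) -> Dict[str, bytes]:
    """Walk the JPEG segments, find the Exif APP1 and return the Make/Model strings from IFD0."""
    if data[:2] != b"\xff\xd8":
        return {}
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        payload = data[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and payload.startswith(b"Exif\0\0"):
            return _ifd0_strings(payload[6:])
        if marker == 0xDA:                              # start of scan: no more header segments follow
            break
        pos += 2 + seglen
    return {}

def _ifd0_strings(tiff: bytes) -> Dict[str, bytes]:
    end = "<" if tiff[:2] == b"II" else ">"
    ifd0 = struct.unpack(end + "I", tiff[4:8])[0]
    count = struct.unpack(end + "H", tiff[ifd0:ifd0 + 2])[0]
    out = {}
    for i in range(count):
        e = ifd0 + 2 + 12 * i
        tag, typ, n, off = struct.unpack(end + "HHII", tiff[e:e + 12])
        if tag in (0x010F, 0x0110) and typ == 2:
            raw = tiff[e + 8:e + 8 + n] if n <= 4 else tiff[off:off + n]   # short values are stored inline
            out["Make" if tag == 0x010F else "Model"] = raw.rstrip(b"\0")
    return out

def signature_scan(data: bytes) -> List[str]:
    """Per-field signature: flags fields holding a complete <?php ... ?> script; the split in step 2 evades it."""
    return [k for k, v in exif_make_model(data).items() if FULL_SCRIPT.search(v)]

def has_php(data: bytes) -> bool:
    """Whole-file check: one PHP open tag anywhere in the upload is enough for the include to execute code."""
    return PHP_OPEN.search(data) is not None
```

Stripping APP segments or re-encoding uploads removes the payload, but the root cause is the include() of a user-controlled path; allow_url_include=Off and an allow-list of includable files close the RFI vector regardless of what the image carries.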
  19. He didn't promise anything. I said we're going out drinking, not that Cheater is buying. Anyway, good joke. Good thing you didn't send it to me too, I would have been at your door in 5 minutes :))
  20. WebSploit ToolKit
      --------------------------------------------------
      WebSploit is an open source project for scanning and analysing remote systems for vulnerabilities.
      Description:
      [+] Autopwn - uses Metasploit to scan and exploit target services
      [+] wmap - scans/crawls the target using the Metasploit wmap plugin
      [+] format infector - inject reverse & bind payload into file format
      [+] phpmyadmin - search target phpmyadmin login page
      [+] lfi - scan/bypass local file inclusion vulnerability & can bypass some WAFs
      [+] apache users - search server username directory (if using the apache webserver)
      [+] Dir Bruter - brute force target directories with a wordlist
      [+] admin finder - search admin & login page of target
      [+] MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
      [+] MITM - Man In The Middle Attack
      [+] Java Applet Attack - Java Signed Applet Attack
      [+] MFOD Attack Vector - Middle Finger Of Doom Attack Vector
      [+] USB Infection Attack - create executable backdoor to infect USB for Windows
      About Author:
      Founder: 0x0ptim0us (Fardin Allahverdinajhand)
      Location: Azarbaycan
      ScreenShot: [image]
      Download
      Source
  21. Classic Web Browser Client Side Exploit by Keatron Evans
  22. Debdroid supports any Android device with loopback devices and ext2; the flashable zip works on ICS/GB. Successfully tested on Samsung Galaxy SII, Epic 4G Touch, Motorola Atrix, HTC EVO, HTC Incredible.
      Overview
      The flashable zip contains the shell scripts, conf and apk. If you are unable to flash, mount /system as rw and place the files manually.
      BEFORE TRYING ANY OF THESE SCRIPTS MAKE SURE YOU HAVE A ROOT SH SHELL: su, then sh
      Scripts:
      debdroid - starts the debdroid chroot without the apk wrapper.
      debshell - wrapper for passing commands to the chroot. Example: debshell "apt-get update"
      debkill - kills the chroot in case anything goes wrong.
      Conf: /etc/debdroid.conf contains options such as img location, dns servers, loop number and shared directory. Note: the shared directory is mounted to /mnt/share in the chroot environment.
      Apk: com.afrosec.debdroid.apk - apk wrapper that essentially launches "bash debshell".
      Known Bugs: Exit deployment does not work; you must kill the application by holding the back button or hitting exit deployment until it allows you to FC.
      Uses
      Debdroid comes preinstalled with nmap, ettercap, ssh, g++ and gcc. With a chroot environment you are able to install software with the native package manager and completely avoid cross-compiling. You are able to drop to a bash shell in the chroot by executing "debshell bash". In order to get ssh up execute "debshell sshup". In the previous release of Debdroid I showed its capabilities of WLAN sniffing using your device; this is still an applicable use.
      Script Manager Compatibility: Because debshell can pass commands directly to the chroot sub-system you can use a script manager app to launch commands as well.
      Debdroid provides the user with a full Linux environment you can ssh into. This may cater to the needs of individuals who need to perform device-related Linux tasks without an actual Linux workstation.
      Backtrack 5
      Penetration testing from your pocket. Backtrack 5 was released with an ARM image compatible with the Motorola Xoom. FAT32 has a file size limit of 4GB and bt5's img size was over 5GB, so it could not work with any other Android device booting the chroot off of an external SD card. The attached img files are downsized to 3.25GB.
      How-To:
      Flash the debdroid installer zip.
      Download either the custom .img or the original .img.
      Create a folder called debdroid on your sdcard.
      Copy the .img to /sdcard/debdroid and rename it to linux.img.
      Start up the APK (or debdroid from shell), Deploy, pentest from your pocket.
      Manual Install Method (for certain devices, if the flashable zip does not work):
      Mount the device on your computer, extract the flashable zip to /sdcard/debdroid.
      Copy the directories of /sdcard/debdroid to /system (/sdcard/debdroid/bin to /system/bin). If copy does not work use cat: cat /sdcard/debdroid/debdroid >> /system/bin/debdroid
      chmod +x the contents of /sdcard/bin (debdroid, debkill, debshell).
      Our custom .img changes: replaced gnome with xfce4 and fixed startvnc.
      Uses
      NMAP internal networks from a WIFI AP without a laptop. All the functionality of Backtrack 5 in your pocket... scan any network your device can connect to.
      Download: Flashable ZIP; Torrent with Flashable ZIP and BackTrack 5 ARM
      Distro Images
      These custom images are resized to 3.25GB to fit on all FAT32 sdcards (4GB is the file size limit). Note: rename all .img to linux.img unless you specify otherwise in your conf.
      Backtrack 5 ARM 3.5gb Original img
      Backtrack 5 ARM 3.5gb Custom img
      Debian Squeeze ARM 1gb img
      Debian Squeeze ARM 2gb img
      Debian Squeeze ARM 3gb img
      Debian Squeeze ARM 4gb img
      Debian Squeeze ARM 5gb img
      Debian Lenny ARM 750mb img
      Workaround for devices that have a locked bootloader and/or no loop.ko
      For devices that can't create a loopback interface to an image, we need another solution. The following is a rough outline to create a partition on your locked device and install (copy) the debian/ubuntu/backtrack image to your SD card. On your linux box:
      1) Shrink the partition on your SD card by 4GB.
      2) Create an ext3 partition in the free space.
      3) Create a loopback interface to the image you wish to run:
         losetup /dev/loop0 /home/usernamehere/distributionnamehere.img
         mount -t ext2 /dev/loop0 /home/usernamehere/somemountfoldername
      4) Copy all files from the image to the 4GB SD partition: cp -r pathtoloopiface/* pathto4gbmount/*
      5) ^ takes about 2.5 hrs; let it finish completely.
      6) adb push and chmod 777 this modified bootubuntu script to /system/bin on your phone: boothatshite.sh
      6.1) If you get a read-only filesystem: adb shell mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system (mtdblock3 & yaffs2 probably differ for devices other than DroidX).
      7) Make sure there is a path to /data/local/mnt on the device.
      8) Run the script and it will put you into a chroot jail. If you are using the lakia ubuntu image, vnc will autostart. To quit the chroot just type exit at the shell.
      Source
      Have fun!!
  23. I'm not trading... sorry!! I quit gaming!!